Still poking around

I still have my original BeBoxen. :slight_smile: I haven’t had time to closely follow Haiku-OS’ development in recent years; been tied up with Smoothwall Express work and other projects. But I have been keeping an eye on it. I read the RSS feeds when they appear. And I occasionally use Haiku when I need stand-alone systems to connect through a test firewall (all running in KVMs on Debian Wheezy).

I just installed the latest nightly build (74390?) No complaints, only observations:

  • Had one WebPositive crash for no apparent reason. The URL I went to worked OK after that. The key bindings tend to differ from the de-facto standards, but someone (pulkomandy?) remarked on it recently.
  • Surprised to see it boot with virtio devices. But only the HD was recognized, not the NIC.
  • The host mouse tracks better with Haiku's cursor in vncviewer than it has in the past, but it's still a trifle annoying. There *gotta* be a way to synchronize the two, to lock Haiku's cursor to the host's cursor.

    Get me a good email program (with modern IMAPS), and qemu for VMs and I might be able to end my 12-13 year sojourn through Windows, SuSe and Debian after BeOS and get back to a fast, responsive desktop. Yeah, the Vishera 8350 mitigates the UI growth to a good degree, but still.

    Keep plugging away! It’s getting there…

    (Posted with WebPositive)

  • 1 Like

    Here’s your qemu:

    • http://myfreenet.ru/hpkgsrc/i386/emulators/qemu-haiku-2.1.0nb20140919.tgz

    I have a work-in-progress synergy add-on for Haiku. Interestingly, it works perfectly well with VMs. I ran VirtualBox on my OS X host, and could move the mouse cursor from the OS X screen into the VM screen quite naturally.

    It's located at https://github.com/jessicah/haiku/tree/synergy for now. Can be built using jam 'synergy' from my Haiku branch.

    To enable, create the file ~/config/settings/synergy_settings and add the following lines:

    enable true
    server ip.address.of.server
    

    I use it all the time now with my native Haiku install, as I have problems with my USB mouse; there's still the odd hiccup, but for the most part, seems to be working well.

    So, fest3er, coming from Smoothwall Express, do you have any ideas about a firewall for Haiku? Since Haiku uses bash, and bash includes iptables, wouldn’t it be a not-too-difficult task to either port an existing firewall or make a new one? Or do you know of other makeshift ways - maybe some bash commands - to add some protection to Haiku? I know the general view is that Haiku is not an attack target, but some organisations and individuals are targets no matter what systems they use.

    bash is a shell, the reason you can type ‘iptables’ into bash on a Linux-based system and have that do something is because, as a shell, bash runs installed executables from the PATH and iptables is the name of an executable on your PATH.

    The actual iptables firewall architecture is an old Linux kernel feature, the program ‘iptables’ just manages this feature. So it won’t do you any good to port just the program to Haiku.

    iptables is integrated with the technology inside the Linux kernel. I doubt it’d successfully work on Haiku.

    Been a while since I looked in here. Been busy with Smoothwall Express and getting 8 updates out.

    A qemu option that fixes the mouse:
    -usb -usbdevice tablet
    (Duh! I should’ve realized that a tablet pointing device would be the solution: where the pointer is, the cursor is.)

    Recently been dealing with a ‘dicey’ system; on my desktop, the CPU fan just wouldn’t spin fast enough. After much rending of garments and gnashing of teeth, I discovered that the Vishera 8350 (slightly overclocked to 4.4GHz and the 1866 RAM to 2133) draws more than 22A of 12VDC, at least when compiling gcc and linux using all 8 cores. Once I figured that out, I bought a Corsair RM750x P/S (single 12VDC rail) from Newegg (about $60 after rebates). 12VDC is rock solid now and the stock CPU fan once again spins up to 6200 RPM and is able to keep the CPU under 60°C: important when the linux compile keeps all 8 cores full bore for 7 minutes.

    It would be, mmm, interesting to see if netfilter could be adapted to Haiku-OS. As I understand, there are hooks in the Linux network stack that make calls into netfilter in various stages of packet processing (PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING). If you know Haiku’s networking code, http://www.docum.org/docum.org/kptd/ might be of some use. It’s old, but still reasonably reflects the path packets (more likely pointers to packets) take as they travel through Linux’s network stack. But with nftables replacing iptables/ebtables, the diagram may need significant redrawing.

    Basically, you’d need conntrack (it is the ‘Stateful Packet Inspection’ part) so you can know if a packet is NEW (the first packet of the association between two endpoints), ESTABLISHED (the rest of the packets in the association), RELATED (the first packet of an association a helper has determined to be related to an existing conn (such as the data connection of an existing FTP control connection), or INVALID (conntrack has no idea what to do with this packet or why it was received; it would’ve been an ESTABLISHED packet except that it belongs to no active conntrack).

    You would need filter to decide which packets are allowed, which are rejected (with return notification), and which are dropped (as though never received).

    You might need nat, not so much for changing the address, but more to redirect the packet to a different port (for a transparent web/NTP/DNS/SIP proxy, for example).

    For a standalone system (only one NIC and no forwarding between them), you could probably get away with conntrack and filter to start with.